[ISN] Book Review: IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job

From: InfoSec News (alerts@private)
Date: Wed Dec 19 2007 - 22:22:17 PST


http://books.slashdot.org/article.pl?sid=07/12/19/1547202

[ http://www.amazon.com/exec/obidos/ASIN/0471779873/c4iorg  - WK]

Author:  	Chris Butler
Pages: 	        218
Publisher: 	Wiley
Rating: 	8
Reviewer: 	Ben Rothke
ISBN:   	0471779873
Summary 	Good review for a pro, but not for newbies.

If you find information security challenging and either want a job in 
the field or are looking for a better job in the field, the book will be 
quite valuable. But for those looking for a hot security job, their 
lackings will likely show through in an interview, even with the help of 
this book.

As to the actual content, chapter 1 provides a good overview of how to 
find, interview and get a security job. The chapter contains many bits 
of helpful information, especially to those whose job seeking skills are 
deficient. A good piece of advice the authors state is that one should 
never pay a fee for headhunting services. There are many people that 
call themselves recruiters, but are nothing more than fax servers who 
charge for the service. The burden to pay is always on the hiring firm, 
and a job seeker should be extremely suspicious of anyone requesting a 
fee to find them a position.

I would hope that in future editions of the book, the authors expand on 
chapter one. The chapter itself in fact could easily be made into a book 
in its own right. As part of the job search process, many job searchers 
often do not ask themselves enough fundamental questions about whether they are 
indeed in the right place in their career. Such an approach is taken by 
Lee Kushner, founder and CEO of the information security recruitment 
firm LJ Kushner and Associates. Kushner formulated the following 7 
questions that every information security job candidate should ask 
themselves:

1. What are my long and short term plans?

2. What are my strengths and weaknesses?

3. What skills do I need to develop?

4. Have I acquired a new skill during the past year?

5. What are my most significant career accomplishments and will I soon 
   achieve another one?

6. Have I been promoted over the past three years?

7. What investments have I made in my own career?

The other 9 chapters of the book all have the same format: an overview 
of the topic, and then various questions an interviewer may pose. The 
reality is that these topics of network and security fundamentals, 
firewalls, regulations, wireless, security tools, and more, are 
essential knowledge for a security professional. Anyone trying to go 
through a comprehensive information security interview and wing it by 
reviewing the material will likely only succeed if the interviewer is 
inept. Anyone attempting to mimic the questions and answers in the book 
in a real-world interview will immediately be found to be a sham if the 
interviewer deviates even slightly from the script, which should be 
expected.

What really separates a good candidate from a great candidate is 
hands-on, practical and real-world security experience. Such a candidate 
won't need a question and answer format to showcase themselves in an 
interview. Their experience should shine, and not their ability to 
rattle off security acronyms.

If a company is serious about hiring qualified people, the interview 
process should not be about short technical questions and acronym 
definitions. It should entail an open discussion with significant give 
and take. Having a candidate detail their methodology for deploying and 
configuring a firewall should be given more credence than their ability 
to define the TCP three-way handshake.

Ultimately, the efficacy of the book is in the disposition of the 
reader. For the security newbie who wants a crash course in security in 
order to quickly land a security job, heaven help the company that would 
hire such a person. While one should indeed not judge a book by its 
cover, this book's cover and title may lead some readers to think that 
the book is their golden ticket to a quick landing into a great career. 
The breadth of information that a security professional needs to know 
precludes any sort of cramming or quick introductions. Those with a 
lack of security experience attempting to use this book to hide their 
shortcomings will only embarrass themselves in an interview.

On the other hand, for the reader who has a background in information 
security who wants an update on network and security fundamentals, they 
will find IT Security Interviews Exposed a helpful title. The book 
contains a plethora of valuable information written in a clear and easy 
to read style. In a little over 200 pages, the book is able to provide 
the reader with a good review of what they know or may have forgotten. 
Used in such a setting by such a reader, the book is a most helpful 
tool for the serious security professional looking to advance their 
career.

-=-

Ben Rothke is a security consultant with BT INS and the author of 
Computer Security: 20 Things Every Employee Should Know.

